CiscoWorks Security Information Management Solution (SIMS)
CiscoWorks SIMS from Cisco Systems® delivers comprehensive tools that help security organizations combat threats more efficiently while connecting the security organization with network operations, compliance, risk management, and line-of-business managers. This combination enables large, distributed enterprises to manage the overwhelming volume of security events and limit risk exposure by consistently reducing remediation cycle times, while creating a security infrastructure that supports strategic business objectives.
Built on a standards-based methodology to optimize security operations, CiscoWorks SIMS helps security organizations prepare to combat, identify, and respond to threats to mitigate risk and continuously reduce time to remediation. Unlike less mature solutions, CiscoWorks SIMS is an integrated solution built on a robust architecture that can scale to deliver 24-by-7 security information management across a complex, distributed, and heterogeneous enterprise.
The latest release of CiscoWorks SIMS sets the standard for enterprise-class security information management by enhancing its widely scalable Security Information Management (SIM) architecture, and by providing new functions for dynamic threat visualization, next-generation analysis and reporting, and embedded security knowledge.
PREPARE
CiscoWorks SIMS 3.2.1 helps customers prepare to meet the challenges of securing the enterprise, regardless of the number of devices, sites, users, and security events. Cisco® has expanded the robust architecture of CiscoWorks SIMS for unparalleled connectivity to network and security devices, as well as high performance, availability, and scalability at the lowest cost.
FAULT TOLERANCE AND LOAD SHARING
Multiple forms of failover help guarantee that CiscoWorks SIMS will operate regardless of how large or small the enterprise infrastructure is. With the latest release, customers can create redundancy at every level of the SIM architecture, within one site or across a distributed installation. CiscoWorks SIMS provides agent-to-engine, engine-to-engine, and database-to-database failover to create redundancy across a distributed SIM implementation. This provides an important alternative to SIM solutions that rely on a single point of failure, and helps ensure that operators have continuous access to real-time and historical security information. This fault tolerance extends the existing CiscoWorks SIMS distributed engine architecture and agent-to-agent failover to provide the highest performance and reliability as the SIM implementation expands.
THREAT VISUALIZATION
CiscoWorks SIMS 3.2.1 is the first SIM solution that allows companies to use new visual tools on top of tabular reports and sophisticated analytics to assimilate information faster, differentiate false positives from real threats, understand the exact nature and scope of a threat, and make sure that vulnerabilities are mitigated before a threat can proliferate. CiscoWorks SIMS Release 3.2.1 introduces the following new advanced visualization features:
• The new Link Map feature allows analysts to visualize relationships among different assets under attack to identify the target, type, and method of attack. Analysts can immediately see the course of an attack in real time as it propagates across a network. Playback controls allow users to recreate the attack so they can determine the full extent of vulnerability and anticipate where an attack is heading. Analysts can drill down on a specific asset at any time to get more specific information.
• A new Geo Map allows analysts and operators to track events by country and city, flag suspicious traffic from specific countries, and pinpoint suspicious sources down to a specific longitude and latitude.
• Expanded charting capabilities give users more visual references that are easy to understand. Users now have a wider range of custom charting options to help identify threats and present summary views of data to management. Charts are fully drillable, creating links for further exploration.
FLEXIBLE REPORTING
In this release, CiscoWorks SIMS contains more reporting options that are transparently integrated with analytics and data visualization views to provide a comprehensive understanding of an organization's security picture at any point in time. New reporting functions allow users to easily integrate real-time and historical information to spot emerging trends, while reusing the same dataset across all views. This eliminates the need to run multiple instances of the same report. CiscoWorks SIMS 3.2.1 contains the following new reporting features:
• Custom report creation allows users to get tailored report information relevant to their specific enterprise security processes and procedures.
• Role-based dashboards meet the specific information needs of analysts, operators, and executives as soon as the system is operational. These fully customizable dashboards support multiple layout formats, while allowing users to combine real-time and historical views of information.
POWERFUL ANALYTICS WITH INTEGRATED CHARTING
CiscoWorks SIMS 3.2.1 contains powerful data analysis functions that allow users to carefully examine security data across multiple dimensions in a familiar pivot-table format:
• Data-mining functions allow security personnel to analyze events based on specific criteria to identify anomalous incidents. As a result, security analysts can now pinpoint raw event details that were previously undetectable in a console-style view.
• Drillable charts present the results in an intuitive format while allowing further analysis.
• Analysts gain detailed views of specific actions over any given time period.
INTEGRATED KNOWLEDGE BASE
CiscoWorks SIMS provides analysts with instant access to the CiscoWorks SIMS knowledge base, eliminating the need to perform hours of research into vulnerabilities and threats.
• With the 3.2.1 release, the knowledge base has been improved to provide more updated information on a wider range of security issues, including newly discovered vulnerabilities, malware, and vendor-specific vulnerability data. Security teams have unified access to this information directly from CiscoWorks SIMS.
• CiscoWorks SIMS is the only SIM solution backed by a dedicated research team that publishes regular knowledge base advisories to help security teams keep pace with the burgeoning volume of vulnerability information.
Customers can download these updates directly from the Web to make sure that the knowledge base is fully updated with the latest information.
INTEGRATED THREAT VISUALIZATION
Users can now attach specific Link Map, Geo Map, and Chart Views to cases so that different members of the security team can replicate the threat identification process throughout the remediation lifecycle.